Thursday, January 10, 2013

Cory Doctorow has made me wait almost a year to read Homeland, the much-anticipated sequel to Little Brother, his opus on civil rights and protest in the digital age. With not one but two Doctorow novels, Pirate Cinema and Rapture of the Nerds (which was co-authored with Charles Stross), already on the release schedule for 2012, Homeland has had to loiter in the wings for a 2013 publication date. But the wait has been well worth it. Homeland is a beyond worthy successor to Little Brother.

The highly prophetic novel, which was first published in 2007, is now regarded as a contemporary classic. As such, Little Brother is required reading in many of our more progressive schools, and has even been turned into a “must see” stage play –– hence Homeland has quite a legacy to live up to.

When I last sat down with Doctorow –– for an interview specifically about Little Brother –– on January 4th, 2012, Obama had just signed the National Defense Authorization Act (NDAA) for Fiscal Year 2012 into law. With the stroke of our President’s pen, yet another of the central themes of Little Brother –– unlimited military detention without trial –– had become fact rather than fiction.

In Homeland (which Doctorow had finished writing a few days prior to our first meeting), we return to the Little Brother universe a year and a half after the last novel left off. In the intervening months, austerity has choked the life and soul out of America, and our hacktivist hero Marcus Yallow has quit his studies, having been forced out of university by financial pressures and burgeoning student debt.

The action kicks off at Burning Man, where Marcus has an unexpected encounter with his sometime ally Masha, and their nemesis Carrie Johnstone. Masha, who is on the run from just about every law enforcement agency you can name (and a few that you can’t), hands Marcus an insurance policy in the form of a key to an encrypted torrent file which contains a treasure drove of highly sensitive data. Her subsequent disappearance prompts Marcus to set up a WikiLeaks-like site, an endeavor which is made all the more complicated by conflicts of interests that arise from his new job as a tech guru for an independent political candidate.

Meanwhile Johnstone has given up her position in the military for a lucrative job in the private sector with a Halliburton type entity that has tentacles embedded in the government, military, and the increasingly lucrative (and corrupt) student loan market. It’s therefore no surprise that Johnstone and her corporation, Zyz, are the subject of much of Masha’s leaked data, and a cat & mouse game ensues involving lawful interception, rootkits, and drones. It’s not all doom and gloom though, and at one point during the breakneck-paced plot, Marcus (and Doctorow vicariously through him) gets to sit down and have a Mini Dungeon adventure with Electronic Frontier Foundation founders John Perry Barlow, John Gilmore and Mitch Kapor, with uber geek Wil Wheaton acting as Dungeon Master.

Having read an advance copy of Homeland, I met up with Doctorow at his North London workspace to question him about it. As I make myself comfortable on his couch and set up my digital recorder on the coffee table next to his well-thumbed copy of the RAND Corporation’s 1955 book A Million Random Digits with 100,000 Normal Deviates, the Canadian-born writer and Boing Boing editor does something quintessentially English by offering me a cup of tea. Normally this would be more than acceptable, but having been tempted by the delights of cold-brew coffee –– Marcus’ hi-octane beverage of choice which fuels much of Homeland –– I can’t help feeling a little disappointed that Doctorow didn’t have a batch on the go…

Sunday, January 6, 2013

"I believe that we are at the brink of a 1,000 year Dark Age and unless we stand up viscerally and powerfully and with civil disobedience and everything we've got, if we don't start fighting for a different kind of future, then we're not going to have a future."
~ Kalle Lasn, Adbusters

Adbusters co-founder and Occupy Wall Street protagonist Kalle Lasn is hoping his new book, Meme Wars, will ultimately facilitate the occupation of the world's financial institutions, corporations, and governments from within. It's a lofty goal and a long game, but as Lasn so eloquently puts it: "If we don't start fighting for a different kind of future then we're not going to have a future."

Over the course of Meme War's 400+ pages, Lasn challenges students in the economics departments of learning institutions around the globe to rise up, reeducate their professors, and demand they cast aside the failed tenets of orthodox economics. He also sets forth a more holistic curriculum which takes into account the psychological and environmental costs of doing business and redefines the concept of wealth to include mental and ecological health.

I spoke with Lasn, who was born in Estonia but is based in Vancouver, by phone.

These days, it's kinda like your computer illiterate granddad is laying down the law on the internet. Only worse. Cause your computer illiterate granddad doesn't have the power to send your ass to jail for longer than most rapists for the crime of clicking on the wrong http link. Which is something the US government is trying to do. Fo' realz. Yep. That.

Case in point. Andrew Alan Escher Auernheimer, a.k.a. @rabite, a.k.a. Weev. He's just been found guilty on one count of not actually hacking anything and one count of having a list of email addresses, even though no one bothered to prove he ever actually had 'em, tho everyone agrees his mate did. Confusing right? You can totally imagine Gramps throwing his hands in the air at this point and saying to hell with this good-for-nothing with two too many silly-ass names - which is pretty much what the US government is doing.

Part of the problem is that the laws Andrew Alan Escher Auernheimer, fuck it, let's just call him Weev, has been found guilty of violating - which came into being under the 1986 Computer Fraud and Abuse Act (CFAA) - predate Hypertext Transfer Protocol, the first documented version of which, V0.9, was codified in 1991. In light of the fact that we've yet to come up with a fully functioning flux capacitor, as you can imagine, the application of the CFAA on today's internet works about as well as Doc Brown's DeLorean time machine.

***

"Couldn't it be argued that Weev actually did something good and beneficial for society?"

Wait? Wut? If that's the case, remind me why Grampa Government is trying to throw his ass in jail?

I'm chatting with Jay Leiderman, a chap who knows a thing or three about the law and the internet. He's an elite California State Bar Certified Criminal Law Specialist-grade lawyer who's defended several high profile hacktivist types, including Raynaldo Rivera of LulzSec and Commander X of the Peoples Liberation Front. He also happens to be a Twitter ninja, which is how I got to know him. A quick perusal of his @LeidermanDevine twitter feed will tell you Jay's a rare legit legal animal who clearly gets today's wobbly whirly web, which is why I called him up to discuss Weev's wobbly whirly situation, which is as follows...

On November 20, 2012, in a Newark, NJ court, Weev was convicted of USC 1028, "identity theft" (as in "stealing" a list of email addresses) and USC 1030 "conspiracy to access a computer device without authorization" -- which, according to Jay, is something we technically all do multiple times every day. Given that Weev was singled out of the entirety of America's online population for prosecution, in real terms, it's safe to say what he's actually more guilty of is embarrassing the fuck out of a Fortune 500 company...and the government no likey that.

Let me explain: Back in 2010 when the iPad first came out, Weev's mate figured out that AT&T was doing a sloppy ass job with autofill on an app, and in the course of achieving this great technological feat had publicly published the e-mail addresses and ICC-IDs (the identifiers that match a person to their SIM card in a mobile device) of its entire iPad customer base on the web - with no password, no firewall, no fuck off or die warning, no nothing to protect them. Yep. Really. They were that dumb.

"There's an AT&T web app that had a URL on it with a number at the end, and if you added one to the number you would see the next email address," explains Weev by phone after I tracked his ass down via teh twitters. Obviously there's quicker ways to get kicks online than adding a digit to a URL and hitting return (have you tried Googling Goatse?), so Weeve's ever resourceful mate, Daniel Spitler, created an app called the "iPad 3G Account Slurper" which sucked up well over 100,000 addresses. "My friend just wrote a script to irate though and add one to the number again and again and again," Weeve tells me. "It's not fucking rocket science. It's basic arithmetic. It could have been done manually on any iPad."

So that explains how they "stole" the list of publicly published email addresses, but why might be a better question to ask. "Comment and criticism against large companies which go unchecked in our country," replies Weev, when I ask him. "And making a public spectacle and ridiculing them, which I think frankly makes me the best fucking American in the room. We used to be a country that valued criticism of the powerful, and we haven't really been in the past three decades."

To add context, at the time, Weev and his mate (who copped a plea bargain) were working under the banner of Goatse Security, and as such, their mission in life was to explore gaping holes (I told you to Google Goatse!). AT&T's might not have been the sexiest of holes, but it was gaping and it could be argued that it was in the public interest that Goatse Security rummage around in it.

Among the private email addresses that AT&T were publicly publishing were ones belonging to politicians (New York Mayor Michael Bloomberg and White House Chief of Staff Rahm Emanuel), members of the military and multiple government agencies (DARPA, DHS, NSA, FAA and FCC), and high profile media types (Diane Sawyer and New York Times CEO Janet Robinson). Goatse Security could have had much lulz with the list and/or sold it for mucho dinero, an option which the duo allegedly discussed in IRC chats but put aside. Instead, they decided to go to the press to speak truth to power, which was really when the trouble began.

Weev served as Goatse's spokesperson and spin master. It was his job to liaise with the media and present stories in a way that might titillate us lazy-ass scribes. "Hey, look, I just found a list of email addresses on a bunch publicly accessible web pages" might have been accurate, but it wasn't the kind of story that would make copy even on the slowest of news days, so Weev sexed it up a bit. In a press release sent to several news outlets he wrote, "I stole your email," and, like a magician offering to explain a trick, followed it up with, "Let me explain the method of theft."

Because of this hyperbole, Weev essentially convicted himself on the first count of "identity theft." The prosecution spent much of their time with Weeve on the stand discussing his use of the words "stole" and "theft" during cross-examination. I mean, I know it's said that sarcasm is the lowest form of humor, but I didn't know it was illegal! And speaking of the law's humor bind spot, the prosecution also referred to Weev's Encyclopedia Dramatica entry and used that against him, which, given the spoof nature of the site, is tantamount to using a Saturday Night Live skit as legitimate and damning character evidence. I. Kid. You. Not.

At no time did Goatse ever make the list publicly available - AT&T were the only ones doing that. The prosecution never really attempted to prove that Weev possessed the full list of email addresses. What neither side disputes is that Weev tapped the list for a handful of press email contacts (something he would have likely got by calling the media outlets direct anyways), then merely passed on a link to it to a journalist for verification. The journalist in question was Ryan Tate of Gawker. His story ran on June 9th, 2010, and it was because of this that the shit hit the proverbial fan.

"This access would have gone unnoticed if I hadn't gone to the press. If I hadn't informed AT&T's customers," says Weev. "They're not really pissed about the access, they're pissed about the speech attached to the access. God forbid corporations be subject to fair comment and criticism."

Talking of access, the second count Weev was convicted of - "conspiracy to access a computer device without authorization" - is something that should be cause for concern for anyone that has ever clicked on anything on the web. The way this law - which predates all of One Direction and the hyperlinked internet as we know it - is interpreted means that accessing a "protected computer" could get your ass slung in jail. But what is a "protected computer" and how the fuck are you supposed to know when you're accessing one? This is where the law gets interesting. And by interesting, I mean really fucking stupid.

"The definition of protected computer comes from comes from the Computer Fraud and Abuse Act of 1986, and in 1986 http hadn't been invented yet," says Weev. "This was a long time ago when servers were things that were only accessible by dial-up that every single one universally had a password for. There wasn't the concept of a public network. At the time, if you were accessing a remote server, and you didn't have permission to be there it's clear that it wasn't public data. But now it's the age of the internet. We click links every day. You've never gotten Google's permission to go to Google, you've never gotten any website's permission that you've visited. It's the universally understood aspect of the web that you can visit a public http server without pre-written authorization. It's a ridiculous notion that you need it. And the prosecutor is using an ancient antiquated definition of a protected system, which is any system that engages in interstate commerce. So essentially, every cell phone, every computer, every public web server is a protected system, and the minute you do something that a website operator doesn't like - if they're rich enough of course, if they're a Fortune 500 company - then they can have you."

That might sound rather dramatic, but Jay, my favorite SG-lovin' lawyer agrees. "Based upon this case, the government's new position is that you are required to be clairvoyant in terms of determining what a protected computer is and what a non protected one is," he tells me. "From now on you have to be a psychic...because if it isn't password protected but it's a 'protected computer' you're potentially going to be found guilty like Weev was."

Thank god there's free tittysprinkles on the internet, because otherwise the risks of clicking on something you shouldn't wouldn't be worth price. As Weev puts it, "The law says every time that you click a link, if the person at the other end has enough money and connections, and they just don't like you, they can have you arbitrarily thrown in jail by declaring your access - after the fact - unauthorized."

But how did we get from "something good and beneficial for society" to "free tittysprinkles"? Well, some might see a very obvious linear connection, but those that don't should consider this; There's a cat and mouse game that goes on between big business and the internet security community, but it's a symbiotic relationship nevertheless. And as consumers who are clueless when it comes to code, we should be grateful to those that are scanning for flaws, and pressuring big corporations to sort their shit out on our behalf.

"Perhaps the greatest lesson of Weev's case is that not only is there no reward for helping these companies patch their holes and fix themselves, indeed now you're going to be facing ten or fifteen years of prison if you do," says Jay. "What's the incentive to make these companies more secure? I mean, you're better off just hacking them now. You're better off just hacking these companies and not telling them. If you get caught essentially you're facing about the same punishment anyway so what's the difference?"

***

Weev is currently in the process of appealing his conviction. You can donate to help with his legal costs here.